Tagged With encryption
With all the brouhaha going on in Canberra recently, the draft of a piece of very important legislation was introduced along with an explanatory note. The Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 might sound all soft and fluffy but it's anything but that. This is a piece of legislation that will compel IT companies that create encrypted systems to "assist" the government with access to encrypted communications.
You might know what a virtual private network (VPN) is, but the odds of you actually using one are low. You really should be using a VPN -- ultimately, you may end up seeing it as just as vital as your internet connection. We'll tell you why, explain how to choose a VPN provider and list five that are worth considering.
Breaking into devices that are protected with strong encryption has been a vexed issue for the government. While, on one hand it's easy to see the rationale for law enforcement wanting to access devices during criminal investigations, this needs to be balanced by the desire, or perhaps even right, for individuals to expect that their private communications and information remain private. But the government is pushing on with their legislative agenda, seeking to compel tech companies to help them access encrypted messages.
Earlier this month, Microsoft announced a number of new tools and protections for Office 365 that are designed to boost security for cloud users. This included new file recovery tools, password protection when sharing links over email and the ability to prevent a message from being forwarded (something I bet Claire Swire wish had existed back in 2000). Now, the promised email encryption feature is also being rolled out.
With the ongoing battle being waged between folks wanting to protect their privacy and governments that want to ensure they can access all our communications, just in case bad people want to do stuff, Russia recently upped the ante by banning the popular messaging app Telegram. The ban follows Telegram's developers refusing to hand over encryption keys. But the knock on effect is causing widespread havoc.
Over the weekend more excerpts and analysis from James Comey's book, "A Hughes Loyalty" hit the media. And while much of the coverage focusses on his descriptions of the US President and his government, there were some other tidbits in there. In particular, there are some comments Comey made comments regarding the disconnect been the FBI and tech community with regards to encryption. And those comments are important when it comes to legislation that is an advanced stage of development here.
The Minister for Home Affairs, Petter Dutton, has flagged that he plans to introduce legislation to the parliament that will compel companies that provide end-to-end encryption on products and services to decrypt communications and data when requested. But there seems to be a fundamental difference in understanding in how encryption works and how they think it works.
While WhatsApp boasts great end-to-end encryption of messages which is great for those who crave privacy - but a source of chagrin for many in the law enforcement community - it seems the messaging service is susceptible to attacks on user privacy. A research paper released at a security event this week describes how group chats can be leveraged by snoops.
We live in an era where ideas can turn into vast sums of money, and then disappear, in the blink of an eye. Many of today's start-ups start with a way of changing business process and then commercialise that idea. But Nir Gabay, the founder of El-Sight, focussed on solving a very specific problem. And his hardware solution has massive implications that go far beyond his original vision. EL-Sight's core product is a mobile digital video recorder (DVR) that can securely store and transmit data.
We're often told that one of the best protections we can have for our data is to use end-to-end encryption when data is at rest and in-flight so, in the event data is lost either accidentally or though a malicious act, the potential damage is minimised. But a recent study of 331 individuals conducted by the pinion Institute and sponsored by Thales - who has a big business in encryption - says just 32% of Australians have an enterprise-wide encryption policy.
We've all lost a flash drive or two. Whether it was a cheap USB drive containing some promotional material, or a top secret one detailing the security protocol pertaining to a certain Queen of England's travel plans, sometimes we forget things, and have to hope that our sensitive information doesn't fall into the wrong hands. Securing your hardware by encrypting your flash drive beforehand will prevent unauthorised individuals from getting into your misplaced media. It won't get your flash drive back any faster, but you'll know that you and your data aren't in danger while your USB is at large.
Virtual private networks (or VPNs) are great for protecting your privacy and data while you browse the web. They provide increased security on public Wi-Fi networks (coffee shops, airports, etc), and prevent ISPs from collecting personal data, data they want to sell to advertisers. VPNs are also pretty good at letting users circumvent location-based content restrictions put in place by companies like YouTube, Spotify and Netflix. While they're not foolproof, here's how to pick a VPN, and boost your chance of enjoying Game Of Thrones without paying Foxtel a dime.
KRACK - or the Key Reinstallation AttaCK - looks like the new infosec word we all need to know. According to the authors of a paper that will be presented at conference in a couple of weeks, Mathy Vanhoef of KU Leuven and Frank Piessens say they have found a way to circumvent WPA2 security - one of the key tools used for protecting wireless networks. If KRACk proves to be true, all bets are off when it comes to stopping eavesdroppers from listening in to your wireless network.
A while back, I woke up to find my Android phone lingering at a pattern unlock screen. Not just to unlock my screen, but a prompt to decrypt all of my phone's data. I was puzzled. Every other morning, I decrypted my device using a 10-digit, alphanumeric passphrase -- something I perceived, accurately, as being infinitely more secure than tracing a dumb pattern with my finger.
Your data, from the Christmas party photos you took last year to the tax return you filed (thank God for extensions, right?) is in more places than you think, which means securing as much of it as you can is vital. But the idea of encryption can be intimidating to the inexperienced, and often involves discussion of more esoteric topics like PGP, decryption keys and other terms with which you may be unfamiliar. Fortunately, iOS and Android make it easy to secure your data and protect it from malicious hackers and anyone looking to extract personal information.